关于DNS解析
7台主机的故事
7台主机纠缠不休的往事
这是一个男默女泪的催人泪下的真实故事
情节离奇曲折,事件接二连三,到底是怎样的执着让众多运维工程师掩面而泣
2019.4.23
Tuvia_24
序号 | 主机 | 实现功能 | IP |
---|---|---|---|
1 | Client | 客户端 | 192.168.36.6 |
2 | LDNS | 本地DNS | 192.168.36.7 |
3 | RootDNS | 根域 | 192.168.36.17 |
4 | com | com | 192.168.36.27 |
5 | Master | 主服务器 | 192.168.36.37 |
6 | Slaves | 从服务器 | 192.168.36.47 |
7 | www | www | 192.168.36.67 |
注意:在实验前一定要确保7台机器都可以相互ping通!!
CentOS7 :: www :: 192.168.36.67
[root@www ~]# yum install httpd -y
[root@www ~]# echo 'welcome to Tuvia`s home !' > /var/www/html/index.html # 自行编辑一个网页内容;便于识别
# 最好到Windows浏览器打开192.168.36.67查看一下该网页进行验证
CentOS6 :: Client :: 192.168.36.6
验证
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.36.6
NETMASK=255.255.255.0
DNS1=192.168.36.7 ## 指定DNS ##
ONBOOT=yes
:wq
[root@localhost ~]# service network restart
Shutting down interface eth0: Device state: 3 (disconnected)
[ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.36.7
[root@localhost ~]# curl 192.168.36.67
welcome to Tuvia`s home !
CentOS7 :: Master :: 192.168.36.37
[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1; }; #找到这行将这行注释掉(注释后 named 会监听本机所有地址的 53 端口)
allow-query { localhost; }; #找到这行将这行注释掉(注释后不再限制查询来源;仅适用于实验环境,生产环境应按需限定允许查询的网段)
// listen-on port 53 { 127.0.0.1; }; #注释;即无效
// allow-query { localhost; }; #注释;即无效
allow-transfer {192.168.36.47;}; #并在options中添加这行;意为只允许从服务器 192.168.36.47 做区域传送(同步数据);这里仅按 IP 限制,生产环境可再配合 TSIG 密钥
:wq
[root@severus ~]#rndc reload # 若 named 此时尚未启动(下文才执行 systemctl start named),该命令会连接失败,可略过;named 已在运行时才需要 reload
[root@severus ~]# vim /etc/named.rfc1912.zones
//
zone "magedu.com" { #在//下添加此内容
type master;
file "magedu.com.zone";
};
:wq
[root@severus ~]# cd /var/named
[root@severus named]# ls
data dynamic magedu.com.zone named.ca named.empty named.localhost named.loopback slaves
[root@severus named]# vim magedu.com.zone
$TTL 1D
@ IN SOA ns1 adm.magedu.com. ( 1 1H 10M 1D 3H )
    NS ns1 ; 行首必须留空白,表示沿用上一条记录的属主 @
    NS ns2
ns1 A 192.168.36.37
ns2 A 192.168.36.47
www A 192.168.36.67
[root@severus named]# ll
total 20
drwxrwx--- 2 named named 23 Apr 23 00:09 data
drwxrwx--- 2 named named 31 Apr 23 09:34 dynamic
-rw-r--r-- 1 root root 137 Apr 23 11:16 magedu.com.zone
-rw-r----- 1 root named 2281 May 22 2017 named.ca
-rw-r----- 1 root named 152 Dec 15 2009 named.empty
-rw-r----- 1 root named 152 Jun 21 2007 named.localhost
-rw-r----- 1 root named 168 Dec 15 2009 named.loopback
drwxrwx--- 2 named named 6 Oct 31 08:29 slaves
[root@severus named]# chgrp named magedu.com.zone
[root@severus named]# chmod 640 magedu.com.zone
[root@severus named]# systemctl start named
CentOS6 :: Client :: 192.168.36.6
验证
[root@localhost ~]# dig www.magedu.com @192.168.36.37
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1068
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.36.67 #
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns1.magedu.com. #
magedu.com. 86400 IN NS ns2.magedu.com. #
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.36.37 #
ns2.magedu.com. 86400 IN A 192.168.36.47 #
;; Query time: 1 msec
;; SERVER: 192.168.36.37#53(192.168.36.37)
;; WHEN: Tue Apr 23 04:23:11 2019
;; MSG SIZE rcvd: 116
CentOS7 :: Slaves :: 192.168.36.47
[18:24:54 root@severus ~]#yum install bind -y
[19:25:07 root@severus ~]#vim /etc/named.conf
listen-on port 53 { 127.0.0.1; }; #找到这行将这行注释掉
allow-query { localhost; }; #找到这行将这行注释掉
// listen-on port 53 { 127.0.0.1; }; #注释;即无效
// allow-query { localhost; }; #注释;即无效
allow-transfer {none;}; #并在options中添加这行;意为不允许任何主机从本机(从服务器)做区域传送,避免区域数据被随意拉取
:wq
[19:27:01 root@severus ~]#vim /etc/named.rfc1912.zones
//
zone "magedu.com" { #在//下添加此内容
type slave;
masters {192.168.36.37;};
file "slaves/magedu.com.zone";
};
:wq
[19:32:13 root@severus ~]#systemctl start named
[19:34:06 root@severus ~]#ll /var/named/slaves/
total 4
-rw-r--r--. 1 named named 304 Apr 23 17:39 magedu.com.zone #同步来的数据库
CentOS7 :: comDNS :: 192.168.36.27
[17:11:37 root@severus ~]#yum install bind -y
[17:12:18 root@severus ~]#vim /etc/named.conf
listen-on port 53 { 127.0.0.1; }; #找到这行将这行注释掉
allow-query { localhost; }; #找到这行将这行注释掉
// listen-on port 53 { 127.0.0.1; }; #注释;即无效
// allow-query { localhost; }; #注释;即无效
:wq
[17:12:50 root@severus ~]#vim /etc/named.rfc1912.zones
//
zone "com" {
type master;
file "com.zone";
};
:wq
[17:14:21 root@severus named]#vim com.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.com. (1 1D 1H 1W 3D )
    NS ns1 ; 行首必须留空白,表示沿用上一条记录的属主 @
magedu NS mageduns1
magedu NS mageduns2
ns1 A 192.168.36.27
mageduns1 A 192.168.36.37
mageduns2 A 192.168.36.47
:wq
[17:16:58 root@severus named]#systemctl start named
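CentOS6 :: Client :: 192.168.36.6
验证(直接向 com 服务器查询。注意下面返回的 flags 为 qr rd ra,没有 aa:该应答不是权威应答,而是 com 服务器替客户端递归查询得到的;生产环境的权威服务器通常应关闭递归,即 recursion no;)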
[root@localhost ~]# dig www.magedu.com @192.168.36.27
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60127
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.36.67 #
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS mageduns1.com. #
magedu.com. 86400 IN NS mageduns2.com. #
;; ADDITIONAL SECTION:
mageduns1.com. 86400 IN A 192.168.36.37 #
mageduns2.com. 86400 IN A 192.168.36.47 #
;; Query time: 3 msec
;; SERVER: 192.168.36.27#53(192.168.36.27)
;; WHEN: Tue Apr 23 04:41:49 2019
;; MSG SIZE rcvd: 128
CentOS :: RootDNS :: 192.168.36.17
[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf
listen-on port 53 { 127.0.0.1; }; #找到这行将这行注释掉
allow-query { localhost; }; #找到这行将这行注释掉
// listen-on port 53 { 127.0.0.1; }; #注释;即无效
// allow-query { localhost; }; #注释;即无效
zone "." IN { #找到此内容
type hint;
file "named.ca";
};
zone "." IN { #改为此内容
type master;
file "root.zone";
};
:wq
[root@severus ~]# cd /var/named
[root@severus named]# vim root.zone
$TTL 1D
@ IN SOA ns1 admin.magedu.com. (1 1D 1H 1W 3D )
    NS ns1 ; 行首必须留空白,表示沿用上一条记录的属主 @
com NS comns
ns1 A 192.168.36.17
comns A 192.168.36.27
:wq
[root@severus named]# systemctl start named
CentOS6 :: Client :: 192.168.36.6
验证(直接向根服务器查询;下面返回的 flags 中同样没有 aa,说明答案是根服务器递归查询得到的,而非权威应答)
[root@localhost ~]# dig www.magedu.com @192.168.36.17
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com @192.168.36.17
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38615
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.36.67 #
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS mageduns1.com. #
magedu.com. 86400 IN NS mageduns2.com. #
;; ADDITIONAL SECTION:
mageduns1.com. 86400 IN A 192.168.36.37 #
mageduns2.com. 86400 IN A 192.168.36.47 #
;; Query time: 3 msec
;; SERVER: 192.168.36.17#53(192.168.36.17)
;; WHEN: Tue Apr 23 04:49:51 2019
;; MSG SIZE rcvd: 128
CentOS7 :: LDNS :: 192.168.36.7
[root@severus ~]# yum install bind -y
[root@severus ~]# vim /etc/named.conf
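listen-on port 53 { 127.0.0.1; }; #找到这行将这行注释掉(注释后 named 会监听本机所有地址的 53 端口)
allow-query { localhost; }; #找到这行将这行注释掉(注释后查询来源不再受 allow-query 限制;生产环境的递归服务器应显式用 allow-query / allow-recursion 限定为内部网段)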
// listen-on port 53 { 127.0.0.1; }; #注释;即无效
// allow-query { localhost; }; #注释;即无效
dnssec-enable yes; #找到这两行
dnssec-validation yes;
dnssec-enable no; #将yes改为no(仅限本实验:自建的根域和各区域都没有签名,保持验证开启会因验证不通过而解析失败)
dnssec-validation no; #生产环境的递归服务器应保持 DNSSEC 验证开启
:wq
[root@severus ~]# vim /var/named/named.ca # 把根提示改为指向实验用的根服务器 192.168.36.17;仅适用于隔离的实验网络
. 518400 IN NS a.root-servers.net.
a.root-servers.net. 3600000 IN A 192.168.36.17
[root@severus ~]# systemctl start named
[root@severus ~]# rndc flush #清除缓存
CentOS7 :: RootDNS :: 192.168.36.17
[root@severus ~]# rndc flush #清除缓存
CentOS7 :: comDNS :: 192.168.36.27
[root@severus ~]# rndc flush #清除缓存
CentOS7 :: Master :: 192.168.36.37
[root@severus ~]# rndc flush #清除缓存
CentOS7 :: Slaves :: 192.168.36.47
[root@severus ~]# rndc flush #清除缓存
CentOS6 :: Client :: 192.168.36.6
验证
[root@localhost ~]# dig www.magedu.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> www.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17145
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.magedu.com. IN A
;; ANSWER SECTION:
www.magedu.com. 86400 IN A 192.168.36.67 #
;; AUTHORITY SECTION:
magedu.com. 86400 IN NS ns2.magedu.com. #
magedu.com. 86400 IN NS ns1.magedu.com. #
;; ADDITIONAL SECTION:
ns1.magedu.com. 86400 IN A 192.168.36.37 #
ns2.magedu.com. 86400 IN A 192.168.36.47 #
;; Query time: 7 msec
;; SERVER: 192.168.36.7#53(192.168.36.7)
;; WHEN: Tue Apr 23 05:00:36 2019
;; MSG SIZE rcvd: 116
总结:
此实验重点在于理解;步骤繁琐重复细节较多;切勿急于求成